8

Previously our application ran on .NET Framework and we used PowerShell to install our certificate into the certificate store by running the following command:

RUN powershell -NoProfile -Command \
 $Secure_String_Pwd = ConvertTo-SecureString "ourverysecretpassword" -AsPlainText -Force ; \
 Import-PfxCertificate -FilePath /cert.pfx -CertStoreLocation Cert:\LocalMachine\Root -Exportable -Password $Secure_String_Pwd

But now that we have transferred our code to .NET Core, the above command won't work in the Dockerfile anymore.

Any idea on how to install an existing .pfx certificate via the dockerfile into the docker container?

[EDIT] I'm trying to run my container on Windows. Here is the complete Dockerfile; maybe it's just that I use the wrong image:

This is the entire docker file:

FROM microsoft/dotnet

COPY ./Web /app/

COPY cert.pfx /cert.pfx

RUN powershell -NoProfile -Command \
 $Secure_String_Pwd = ConvertTo-SecureString "againourverysecretpassword" -AsPlainText -Force ; \
 Import-PfxCertificate -FilePath /cert.pfx -CertStoreLocation Cert:\LocalMachine\Root -Exportable -Password $Secure_String_Pwd

WORKDIR /app

EXPOSE 5000 
ENTRYPOINT ["dotnet", "myhost.dll"]

Anyhow it fails on the run powershell command, saying: 'powershell' is not recognized as an internal or external command, operable program or batch file.

M. Berkhof

1 Answer

13

Is your Docker container running on Linux?

I assume that it is. Then your base image should be microsoft/aspnetcore, which is based on Ubuntu.

You should add this in your DOCKERFILE:

COPY ca_bundle.crt /usr/local/share/ca-certificates/your_ca.crt
RUN update-ca-certificates

First line copies your CA bundle into the image, the second line updates the CA list.

The CA bundle (the list of authorities that signed your certificate) can be extracted from PFX, just Google for it. This is the first link I found.

If your container is running on Windows, then the PowerShell command should work as-is (I'm not sure about that).

Mario Cianciolo
  • 1
    The correct image for runtime should be `microsoft/aspnetcore`. Judging from the error message (*'powershell' is not recognized as an internal or external command, operable program or batch file*) this is a Windows container. Note that you can have Linux containers on Windows machine, hence my doubt. Being a Windows container, unfortunately these commands do not apply. – Mario Cianciolo Mar 07 '18 at 14:56
  • I'll try to convert to a Linux container, but my Linux knowledge is kinda rusty. Though this shouldn't be too hard to do, must be that Windows containers are newish still. – M. Berkhof Mar 07 '18 at 15:04
  • Wouldn't it be better to copy the certificate to the host OS and expose it to the container via a Docker volume? That way, the certificate doesn't end up in the Docker image, which might get distributed or otherwise end up in an unsafe place. – Sandor Drieënhuizen Apr 14 '21 at 12:39
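
The answer's Linux approach (extract the CA certificates from the PFX, then run `update-ca-certificates`) written out as a full Dockerfile. This is an added example, not code from the thread. It keeps the PFX and its password out of the image layers, which is the concern raised in the last comment. Assumptions not found in the thread: BuildKit is enabled, `debian:stable-slim` is used as the extraction stage, and the secret ids `pfx` and `pfx_pass` and the password file `pfx_pass.txt` are hypothetical names.

```dockerfile
# syntax=docker/dockerfile:1
# Added example (not from the original thread). Build with:
#   docker build --secret id=pfx,src=cert.pfx \
#                --secret id=pfx_pass,src=pfx_pass.txt -t myhost .
# pfx_pass.txt is a hypothetical file holding the PFX password on its first line.

# Stage 1: throwaway stage that opens the PFX. Nothing from this stage except
# the extracted CA certificates is copied into the final image.
FROM debian:stable-slim AS certs
RUN apt-get update \
 && apt-get install -y --no-install-recommends openssl \
 && rm -rf /var/lib/apt/lists/*
WORKDIR /extract

# The PFX and its password are mounted as BuildKit secrets for this RUN step
# only, so neither is written to a layer or shown in `docker history`.
# -cacerts -nokeys emits the CA certificates and never the private key.
# awk then writes each PEM block to its own ca-NN.crt file and drops the
# "Bag Attributes" text that openssl prints between certificates.
RUN --mount=type=secret,id=pfx \
    --mount=type=secret,id=pfx_pass \
    openssl pkcs12 -in /run/secrets/pfx -cacerts -nokeys \
        -passin file:/run/secrets/pfx_pass -out chain.pem \
 && awk '/-----BEGIN CERTIFICATE-----/ {n++; out=sprintf("ca-%02d.crt", n)} \
         out {print > out} \
         /-----END CERTIFICATE-----/ {out=""}' chain.pem \
 && rm chain.pem

# Stage 2: runtime image named in the answer.
FROM microsoft/aspnetcore

# The build stops here if the PFX contained no CA certificates, because the
# wildcard then matches nothing.
COPY --from=certs /extract/ca-*.crt /usr/local/share/ca-certificates/
RUN update-ca-certificates

COPY ./Web /app/
WORKDIR /app
EXPOSE 5000
ENTRYPOINT ["dotnet", "myhost.dll"]
```

This only adds the signing authorities to the container's trust store. If the application needs the private key from the PFX at run time, mount the file when the container starts, as the last comment suggests, instead of copying it into the image.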